From ef0407939f1bc6e5ea853bba892d2dd6ec3fd464 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 01:58:01 +0100 Subject: Add privileges configuration to siproxd package, install/deinstall/service handling cleanups --- config/siproxd/siproxd.xml | 81 +++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 36 deletions(-) diff --git a/config/siproxd/siproxd.xml b/config/siproxd/siproxd.xml index e4375d8e..b0866eb1 100644 --- a/config/siproxd/siproxd.xml +++ b/config/siproxd/siproxd.xml @@ -43,25 +43,25 @@ ]]> siproxdsettings - 1.0.6 + 1.0.7 siproxd: Settings /usr/local/pkg/siproxd.inc - /pkg_edit.php?xml=siproxd.xml&id=0 + /pkg_edit.php?xml=siproxd.xml siproxd - Modify siproxd users and settings.
Services
- /pkg_edit.php?xml=siproxd.xml&id=0 + /pkg_edit.php?xml=siproxd.xml
siproxd siproxd.sh siproxd + Proxy/Masquerading Daemon for SIP Settings - /pkg_edit.php?xml=siproxd.xml&id=0 + /pkg_edit.php?xml=siproxd.xml @@ -81,6 +81,10 @@ /usr/local/pkg/ https://packages.pfsense.org/packages/config/siproxd/siproxd.inc + + /etc/inc/priv/ + https://packages.pfsense.org/packages/config/siproxd/siproxd.priv.inc + /usr/local/www/ https://packages.pfsense.org/packages/config/siproxd/siproxd_registered_phones.php @@ -89,23 +93,23 @@ Enable siproxd sipenable - Enable or disable siproxd + Enable or disable siproxd. checkbox - Inbound interface + Inbound Interface if_inbound Select the inbound interface. interfaces_selection - Outbound interface + Outbound Interface if_outbound Select the outbound interface. interfaces_selection - Listening port + Listening Port port input + 5060 - Default expiration timeout + Default Expiration Timeout defaulttimeout - If a REGISTER request dose not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer. + If a REGISTER request does not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer. input 
@@ -126,38 +131,36 @@ listtopic - Enable RTP proxy + Enable RTP Proxy rtpenable - Enable or disable the RTP proxy. (default is enabled) + Enable or disable the RTP proxy. (Default: enabled) select - - + + + 1 - RTP port range (lower) + RTP Port Range (Lower) rtplower - Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7070). + Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must not be blocked by the firewall. (Default: 7070) input + 7070 - RTP port range (upper) + RTP Port Range (Upper) rtpupper - Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7079). + Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must not be blocked by the firewall. (Default: 7079) input + 7079 - RTP stream timeout + RTP Stream Timeout rtptimeout - After this number of seconds, an RTP stream is considered dead and proxying it will be stopped (default 300sec). + After this number of seconds, an RTP stream is considered dead and proxying it will be stopped. (Default: 300sec) input + 300 Dejittering Settings @@ -180,7 +183,7 @@ listtopic - TCP inactivity timeout + TCP Inactivity Timeout tcp_timeout tcp_connect_timeout - This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - while waiting for a connect to succeed no SIP messages are processed (RTP is not affected). + Defines How many msecs siproxd will wait for a successful connect when establishing an outgoing SIP signalling connection.
+ This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - no SIP messages are processed while waiting for a connect to succeed (RTP is not affected). ]]>
input @@ -212,19 +215,19 @@ listtopic
- Enable proxy authentication + Enable Proxy Authentication authentication - If this is checked, clients will be forced to authenticate themselves at the proxy (for registration only). + If checked, clients will be forced to authenticate themselves at the proxy (for registration only). checkbox - Outbound proxy hostname + Outbound Proxy Hostname outboundproxyhost Enter the hostname of an outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross. input - Outbound proxy port + Outbound Proxy Port outboundproxyport Enter the port of the outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross. input @@ -266,7 +269,7 @@ checkbox - Log redirected calls + Log Redirected Calls plugin_defaulttarget_log Log redirected calls. checkbox @@ -371,6 +374,12 @@ input + + install_package_siproxd(); + + + deinstall_package_siproxd(); + sync_package_siproxd(); @@ -378,7 +387,7 @@ sync_package_siproxd(); - siproxd_generate_rules(); + siproxd_generate_rules validate_form_siproxd($_POST, $input_errors); -- cgit v1.2.3 From d0380878ed31ff922a56afadce09d22e2b5c9b0d Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 01:59:41 +0100 Subject: Add privileges configuration to siproxd package --- config/siproxd/siproxd.priv.inc | 42 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 config/siproxd/siproxd.priv.inc diff --git a/config/siproxd/siproxd.priv.inc b/config/siproxd/siproxd.priv.inc new file mode 100644 index 00000000..9980a353 --- /dev/null +++ b/config/siproxd/siproxd.priv.inc @@ -0,0 +1,42 @@ + -- cgit v1.2.3 From 15a62f8841ce76d6d148b4caccfc31830b74f25a Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:00:35 +0100 Subject: Some description cosmetics --- config/siproxd/siproxdusers.xml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
diff --git a/config/siproxd/siproxdusers.xml b/config/siproxd/siproxdusers.xml index 6dd53efe..390c4f35 100644 --- a/config/siproxd/siproxdusers.xml +++ b/config/siproxd/siproxdusers.xml @@ -43,13 +43,13 @@ ]]> siproxdusers - 1.0.6 + 1.0.7 siproxd: Users /usr/local/pkg/siproxd.inc Settings - /pkg_edit.php?xml=siproxd.xml&id=0 + /pkg_edit.php?xml=siproxd.xml Users @@ -61,7 +61,6 @@ /siproxd_registered_phones.php - installedpackages->package->$packagename->configuration->settings Username @@ -76,19 +75,19 @@ Username username - Enter the username here + Enter the username here. input Password password - Enter the password here + Enter the password here. password Username Description description - Enter the description of the user here + Enter the description of the user here. input -- cgit v1.2.3 From 11dd2b4dfd33040fe389b951b1d43fb6a2f1da2e Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:03:21 +0100 Subject: Install/deinstall/service handling cleanups --- config/siproxd/siproxd.inc | 60 ++++++++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 20 deletions(-) diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc index 50b6e558..f97025a8 100644 --- a/config/siproxd/siproxd.inc +++ b/config/siproxd/siproxd.inc @@ -31,6 +31,7 @@ if (!function_exists("filter_configure")) { require_once("filter.inc"); } +require_once("pfsense-utils.inc"); require_once("service-utils.inc"); // Check to find out on which pfSense version the package is running 
@@ -42,6 +43,18 @@ if ($pfs_version == "2.1" || $pfs_version == "2.2") { define('SIPROXD', '/usr/local'); } +function install_package_siproxd() { + siproxd_create_chroot(); + /* remove rc script distributed with the package */ + unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd'); +} + +function deinstall_package_siproxd() { + rmdir_recursive("/var/siproxd"); + unlink_if_exists(SIPROXD . '/etc/siproxd.conf'); + unlink_if_exists(SIPROXD . '/etc/siproxd_passwd.cfg'); +} + function sync_package_siproxd_users() { global $g, $config; conf_mount_rw(); @@ -66,21 +79,21 @@ function siproxd_generate_rules($type) { $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; if (!is_service_running('siproxd')) { - log_error("Siproxd is installed but not started. Not installing redirect rules."); + log_error("[siproxd] Package is installed but not started. Not installing firewall rules."); return; } /* proxy is turned off in package settings */ - if ($siproxd_conf['sipenable'] == "0") { - log_error("WARNING: siproxd proxy has not been enabled. Not installing rules."); + if ($siproxd_conf['sipenable'] != "on") { + log_error("[siproxd] WARNING: siproxd proxy has not been enabled. Not installing firewall rules."); return "\n"; } $ifaces = explode(",", $siproxd_conf['if_inbound']); $ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces); - $rtplower = ($siproxd_conf['rtplower'] ? $siproxd_conf['rtplower'] : 7070); - $rtpupper = ($siproxd_conf['rtpupper'] ? $siproxd_conf['rtpupper'] : 7079); - $port = ($siproxd_conf['port'] ? $siproxd_conf['port'] : 5060); + $rtplower = $siproxd_conf['rtplower'] ?: '7070'; + $rtpupper = $siproxd_conf['rtpupper'] ?: '7079'; + $port = $siproxd_conf['port'] ?: '5060'; switch($type) { case 'nat': 
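Review bot: `$rtplower`, `$rtpupper` and `$port` in siproxd_generate_rules() fall back to a default only when the stored value is empty, so any other non-empty string from the saved configuration is passed on unchanged. The `switch($type)` body that consumes them lies outside this hunk. If it interpolates them into rule text, a malformed value would reach the generated firewall rules unless validate_form_siproxd(), which is not shown here, rejected it at save time. Checking at the point of use is cheap, e.g. `$port = is_port($siproxd_conf['port']) ? $siproxd_conf['port'] : '5060';`, with the same check for the two RTP bounds and a test that the lower bound does not exceed the upper one.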
@@ -108,18 +121,24 @@ function siproxd_generate_rules($type) { return $rules; } -function sync_package_siproxd() { - global $config, $pfs_version; - - conf_mount_rw(); - +function siproxd_create_chroot() { $siproxd_chroot = "/var/siproxd/"; safe_mkdir($siproxd_chroot); @chown($siproxd_chroot, "nobody"); @chgrp($siproxd_chroot, "nobody"); - unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd'); +} - $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; +function sync_package_siproxd() { + global $config, $pfs_version; + + conf_mount_rw(); + siproxd_create_chroot(); + + if (is_array($config['installedpackages']['siproxdsettings'])) { + $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; + } else { + $siproxd_conf = array(); + } $siproxd_conffile = SIPROXD . '/etc/siproxd.conf'; $siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg'; @@ -136,9 +155,14 @@ function sync_package_siproxd() { fwrite($fout, "# This file was automatically generated by the pfSense\n"); fwrite($fout, "# package management system.\n\n"); - /* proxy is turned off in package settings */ + /* if proxy is turned off in package settings, stop service, remove rc script and do nothing else */ if ($siproxd_conf['sipenable'] == "0") { fclose($fout); + if (is_service_running('siproxd')) { + stop_service("siproxd"); + sleep(3); + } + unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd.sh'); return; } @@ -147,11 +171,7 @@ function sync_package_siproxd() { } if ($siproxd_conf['if_outbound'] != "") { - if (intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") { - fwrite($fout, "if_outbound = ng0\n"); - } else { - fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n"); - } + fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n"); } if ($siproxd_conf['port'] != "") { 
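Review bot: siproxd_create_chroot() suppresses every failure of `chown` and `chgrp` with `@`, so if either call fails, `/var/siproxd/` keeps whatever ownership safe_mkdir() gave it and nothing is logged. The function now runs on install and on every sync, so a silent failure here would be hard to connect to a daemon that later cannot use its directory. Checking the return values and logging with the prefix this commit introduces would make that visible, e.g. `if (!@chown($siproxd_chroot, "nobody")) { log_error("[siproxd] Could not set owner on {$siproxd_chroot}"); }`, and likewise for `chgrp`. A one-line comment naming the account siproxd runs under, and why the directory must belong to it, would also document the intent.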
@@ -286,7 +306,7 @@ function sync_package_siproxd() { sleep(3); } /* Only (re)start the service when siproxd is enabled */ - if ($siproxd_conf['sipenable'] != "0") { + if ($siproxd_conf['sipenable'] == "on") { start_service("siproxd"); sleep(3); } -- cgit v1.2.3 From 782326b2301855f60ef4c2b98c78babe821ef229 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:09:05 +0100 Subject: Make sure config item is an array --- config/siproxd/siproxd.inc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc index f97025a8..9eae2567 100644 --- a/config/siproxd/siproxd.inc +++ b/config/siproxd/siproxd.inc @@ -77,7 +77,12 @@ function sync_package_siproxd_users() { function siproxd_generate_rules($type) { global $config; - $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; + if (is_array($config['installedpackages']['siproxdsettings'])) { + $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; + } else { + $siproxd_conf = array(); + } + if (!is_service_running('siproxd')) { log_error("[siproxd] Package is installed but not started. Not installing firewall rules."); return; @@ -156,7 +161,7 @@ function sync_package_siproxd() { fwrite($fout, "# package management system.\n\n"); /* if proxy is turned off in package settings, stop service, remove rc script and do nothing else */ - if ($siproxd_conf['sipenable'] == "0") { + if ($siproxd_conf['sipenable'] != "on") { fclose($fout); if (is_service_running('siproxd')) { stop_service("siproxd"); -- cgit v1.2.3 From ddcbcbc0ca9b20e192039c96c7cb0639304197e9 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:11:30 +0100 Subject: Bump siproxd package version --- pkg_config.10.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 78b56b5b..22420d65 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml 
@@ -568,7 +568,7 @@ net/siproxd - 1.0.6 + 1.0.7 BETA 2.2 siproxd.xml -- cgit v1.2.3 From 4c4fa0d02aa21416ebdb042e6af8d7e3cc589e27 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:12:21 +0100 Subject: Bump siproxd package version --- pkg_config.8.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 520fb3b0..08d52452 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -594,9 +594,9 @@ siproxd-0.8.0-i386.pbi https://doc.pfsense.org/index.php/Siproxd_package /usr/ports/net/siproxd - 0.8.0_1 pkg v1.0.3 + 0.8.0_1 pkg v1.0.7 Beta - 1.2.1 + 2.1 siproxd.xml -- cgit v1.2.3 From b232a2747917fddad4649d0c80ded8818b912d4f Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:13:12 +0100 Subject: Bump siproxd package version --- pkg_config.8.xml.amd64 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index a452835b..64d12ee7 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -581,9 +581,9 @@ siproxd-0.8.0-amd64.pbi https://doc.pfsense.org/index.php/Siproxd_package /usr/ports/net/siproxd - 0.8.0_1 pkg v1.0.3 + 0.8.0_1 pkg v1.0.7 Beta - 1.2.1 + 2.1 siproxd.xml -- cgit v1.2.3 From 151f82ac6ba92ac6e4b415fc7e3a2a8eb2fadbef Mon Sep 17 00:00:00 2001 From: doktornotor Date: Tue, 17 Nov 2015 02:20:55 +0100 Subject: Nuke cruft from URL --- config/siproxd/siproxd_registered_phones.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/siproxd/siproxd_registered_phones.php b/config/siproxd/siproxd_registered_phones.php index 51eb474a..0648aa2f 100644 --- a/config/siproxd/siproxd_registered_phones.php +++ b/config/siproxd/siproxd_registered_phones.php @@ -82,7 +82,7 @@ require("head.inc");